Yes, this is feasible, and you can implement it using a combination of client-side and server-side logic in ServiceNow. Here's a detailed approach on how you can achieve this without using User Criteria while providing the catalog owners the flexibility to change the passkey anytime:

Steps to Implement a Passkey-Based Access Mechanism for a Catalog Item:

1. Add a Custom Field for the Passkey in the Catalog Item Table:

   • Add a new field (e.g., u_passkey) in the sc_cat_item table or the respective catalog item record where the catalog owner can set the passkey.
   • Make this field editable only for catalog managers or owners so they can update it as needed.

2. Create a Variable for Passkey Input:

   • On the catalog item form, create a variable (e.g., Passkey) of type Single Line Text.
   • This variable will be used to collect the passkey from the user when they try to access the item.

3. Client Script to Verify the Passkey:

   • Add an onLoad client script on the catalog item to prompt the user for the passkey before they can proceed to see the form.

   Here's a sample onLoad client script:
   
   

   function onLoad() {
   // Check if the current session has already been validated
   if (sessionStorage.getItem('passkey_validated') === 'true') {
   return; // Passkey already validated, no further action needed
   }

   // Prompt the user for a passkey
   var userInput = prompt("Please enter the passkey to access this catalog item:");

   // Make an AJAX call to validate the passkey against the stored passkey in the catalog item
   var ga = new GlideAjax('CatalogPasskeyValidator');
   ga.addParam('sys_id', g_form.getParameter('sys_id'));
   ga.addParam('user_passkey', userInput);
   ga.getXMLAnswer(function(response) {
   if (response === 'valid') {
   // Store the validation in the session for this session only
   sessionStorage.setItem('passkey_validated', 'true');
   } else {
   // If invalid, display a message and redirect the user to the homepage
   alert("Invalid passkey. You do not have access to this catalog item.");
   window.location.href = '/';
   }
   });
   }
   
   Explanation:

   1. This script prompts the user for a passkey when they load the catalog item.
   2. It uses a GlideAjax call to validate the entered passkey against the stored passkey in the catalog item record.
   3. If the passkey is valid, it sets a flag in the session storage to avoid repeated prompts for the duration of the user’s session.

If the passkey is invalid, it redirects the user to the homepage.

 4. GlideAjax Script Include for Passkey Validation:

• Create a Script Include (e.g., CatalogPasskeyValidator) with the following code:
  
  

  var CatalogPasskeyValidator = Class.create();
  CatalogPasskeyValidator.prototype = Object.extendsObject(AbstractAjaxProcessor, {

  validatePasskey: function() {
  var catalogItemSysId = this.getParameter('sys_id');
  var userPasskey = this.getParameter('user_passkey');

  // Query the catalog item record for the stored passkey
  var gr = new GlideRecord('sc_cat_item');
  if (gr.get(catalogItemSysId)) {
  var storedPasskey = gr.getValue('u_passkey');
  if (storedPasskey === userPasskey) {
  return 'valid';
  }
  }
  return 'invalid';
  }

  });
  
  
  

  • Explanation:
    • This Script Include queries the catalog item record based on the sys_id to retrieve the stored passkey.
    • It then compares it with the user-provided passkey and returns either 'valid' or 'invalid'.

• Allow Catalog Owners to Update the Passkey:

  • Ensure that the passkey field (u_passkey) is only visible and editable for catalog owners or managers. This can be achieved using ACLs or UI Policies.
  • This way, catalog owners can update the passkey anytime, and the latest value will be validated against user input.

Please Accept this as a Solution if it is helpful!